Skip to content

chore(deps): update hardhat packages (major)#222

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/major-hardhat-packages
Open

chore(deps): update hardhat packages (major)#222
renovate[bot] wants to merge 1 commit intomainfrom
renovate/major-hardhat-packages

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Nov 4, 2025
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change OpenSSF
@nomicfoundation/hardhat-foundry (source) dependencies major 1.2.03.0.2 OpenSSF Scorecard
@nomicfoundation/hardhat-ignition-viem (source) dependencies major 0.15.163.1.4 OpenSSF Scorecard
@nomicfoundation/hardhat-toolbox-viem (source) dependencies major 4.1.15.0.4 OpenSSF Scorecard
@nomiclabs/hardhat-solhint (source) dependencies major 4.1.05.0.0 OpenSSF Scorecard
hardhat (source) dependencies major 2.27.13.4.2 OpenSSF Scorecard

Release Notes

NomicFoundation/hardhat (@​nomicfoundation/hardhat-foundry)

v3.0.2

Compare Source

Patch Changes

v3.0.1

Compare Source

Patch Changes

v3.0.0

Compare Source

Major Changes
  • 4cd63e9: Introduce the @nomicfoundation/hardhat-foundry plugin for Hardhat 3

v1.2.1

Compare Source

NomicFoundation/hardhat (@​nomicfoundation/hardhat-ignition-viem)

v3.1.4

Compare Source

Patch Changes

v3.1.3

Compare Source

Patch Changes

v3.1.2

Compare Source

Patch Changes

v3.1.1

Compare Source

Patch Changes

v3.1.0

Compare Source

Minor Changes
Patch Changes

v3.0.9

Compare Source

Patch Changes

v3.0.8

Compare Source

Patch Changes
  • 6674b00: Bump hardhat-utils major

v3.0.7

Compare Source

Patch Changes
  • 2bc18b2: Bumped viem version across all packages 7861.

v3.0.6

Compare Source

Patch Changes
  • dac916b: Expose ignition retry loop variables in user config (Hardhat v3) (#​7303)

v3.0.5

Compare Source

Patch Changes
  • d1c1803: Make @nomicfoundation/hardhat-ignition's UI work well with other plugins, like Ledger's.

v3.0.4

Compare Source

Patch Changes
  • 843c1ae: Fixed a bug preventing Ignition from using the hre.config.ignition settings when deploying via script (#​7641)
  • 558ac5b: Update installation and config instructions

v3.0.3

Compare Source

Patch Changes

v3.0.2

Compare Source

Patch Changes
  • ddefbff: Added guard to stop multiple simultaneous calls to ignition.deploy(...) at once (#​6440)

v3.0.1

Compare Source

Patch Changes

v3.0.0

Compare Source

Major Changes
  • 29cc141: First release of Hardhat 3!
NomicFoundation/hardhat (@​nomicfoundation/hardhat-toolbox-viem)

v5.0.4

Compare Source

Patch Changes

  • #​8104 e27a7ad Thanks @​ChristopherDedominici! - Use code 3 for JSON-RPC revert error codes to align with standard node behavior and preserve error causes in viem/ethers.

  • #​8096 7fb721b Thanks @​alcuadrado! - [chore] Move to packages/ folder.

  • #​8116 88787e1 Thanks @​kanej! - Deprecate the hre.network.connect() method in favour of hre.network.create(), exactly the same method but more clearly indicating that it will create a new connection.

  • Updated dependencies:

    • hardhat@​3.4.0

v5.0.3

Compare Source

Patch Changes

v5.0.2

Compare Source

Patch Changes
  • 2bc18b2: Bumped viem version across all packages 7861.

v5.0.1

Compare Source

Patch Changes
  • 558ac5b: Update installation and config instructions

v5.0.0

Compare Source

Major Changes
  • 29cc141: First release of Hardhat 3!

v4.1.2

Compare Source

This release is a small bump to the version of solidity-coverage to include changes for the Osaka transaction gas limit.

Changes
  • a7e4215: Update solidity-coverage minimum version to include Osaka changes

💡 The Nomic Foundation is hiring! Check our open positions.

NomicFoundation/hardhat (@​nomiclabs/hardhat-solhint)

v5.0.0

Compare Source

v4.1.2

Compare Source

v4.1.1

Compare Source

NomicFoundation/hardhat (hardhat)

v3.4.2

Compare Source

Patch Changes

v3.4.1

Compare Source

Patch Changes

v3.4.0

Compare Source

Minor Changes
Patch Changes

v3.3.0

Compare Source

Minor Changes
Patch Changes

v3.2.0

Compare Source

Minor Changes
Patch Changes

v3.1.12

Compare Source

Patch Changes
  • 01b41ee: Added support for function gas snapshots and snapshot cheatcodes in Solidity tests with --snapshot and --snapshot-check flags (#​7769)
  • e37f96c: Add TestRunResult type that wraps TestSummary, allowing plugins to extend test results with additional data
  • bda5a0a: Bumped EDR version to 0.12.0-next.28

v3.1.11

Compare Source

Patch Changes

  • 2cbf218: Bumped EDR version to 0.12.0-next.27

    BREAKING CHANGE: Memory capture used to be enabled by default on geth, but has since been flipped ethereum/go-ethereum#23558 and is now disabled by default. We have followed suit and disabled it by default as well. If you were relying on memory capture, you will need to explicitly enable it by setting the enableMemory option to true in your tracer configuration.

  • bc193be: Use concrete value types for contract names in hardhat-viem and hardhat-ethers

  • 2cbf218: Make SolidityBuildSystem easier to work with (#​7988)

  • 19b691d: Fix typo in assertion message #​8028

  • 2cbf218: Expose Result type for task action success/failure signaling.

  • 2cbf218: Fixed the acceptance of relative paths to node_modules in npm remappings (#​8007)

  • 2cbf218: Implement a global banner logic in Hardhat 3 #​8021

  • 4ff11c1: Return typed Result from test runners and telemetry tasks (#​8015).

  • 2cbf218: Show fs paths and better error messages when a Solidity file can't be compiled with any configured compiler (#​7988)

  • 2cbf218: Add onTestRunStart, onTestWorkerDone, and onTestRunDone test hooks (#​8001)

v3.1.10

Compare Source

Patch Changes
  • ca26adb: Update hardhat node to always use the new node network (#​7989)[#​7989]
  • 87623db: Introduce new inter-process mutex implementation (7942).
  • 88e9cb5: Add a SolidityHooks#readNpmPackageRemappings hook
  • ec03a01: Allow overriding the type of the network configs default and localhost #​7805
  • 2c2e1f5: Throw better error messages when trying to use a Hardhat 2 plugin with Hardhat 3 #​7991.
  • 90b5eec: Suggest installing hardhat-foundry when appropriate
  • 87623db: Make the solc downloader safe when run by multiple processes (7946).
  • 726ff37: Update the --coverage table output to match the style used by --gas-stats. Thanks @​jose-blockchain! (#​7733)
  • f1e9b05: Added support for inline actions in tasks 7851.
  • 73cb725: Expose gasLimit configuration for Solidity tests #​7996

v3.1.9

Compare Source

Patch Changes
  • 621d07e: Make the coverage work with versions of Solidity that aren't fully supported by EDR #​7982
  • 3e39a06: Round average and median gas usage in the gas analytics output
  • 78af2ed: Allow multiple parallel downloads of different compilers (7946).

v3.1.8

Compare Source

Patch Changes
  • a6947fb: Use the official Linux ARM64 builds of solc in the production profile when available (#​7917).
  • fd42744: Fixed missing EIP-7212 precompile in Solidity Tests (#​7872).

v3.1.7

Compare Source

Patch Changes
  • 4995121: Suppressed pragma and license warnings in Solidity test files (7894).
  • 22adbcb: Added support for eth_getProof (3345).

v3.1.6

Compare Source

Patch Changes
  • 98fbf44: Implemented SolidityBuildSystemImplementation#compileBuildInfo (#​7891)
  • a9445c9: Added ArtifactManager#getAllArtifactPaths (#​7902)
  • a9445c9: Fixed typechain type generation when compiling a subset of the Solidity files (#​7902)
  • 127ce88: Suppress Hardhat console.sol memory-safe-assembly warning #​7862.
  • c40697b: Added a Solidity#build hook (#​7890)
  • 8e5610f: Fixed a bug where nested folders were not created during the HTML coverage report generation (#​7889)
  • 13a1e4b: Multiple internal fixes to the solidity build system (#​7900)
  • 0c47a69: Added compiler downloader retry in case of failure (#​7031)

v3.1.5

Compare Source

Patch Changes
  • 346f92a: Improve how solidity tests are displayed, making it more consistent with the js reporters.
  • 2bc18b2: Bumped viem version across all packages 7861.
  • 865e346: Updated the incorrect JSDOC against the preprocessProjectFileBeforeBuilding Solidity Hook (#​7870)
  • c9bdbd0: Added invokeSolc in SolidityHooks to allow plugins to respond to the input/output from solc (#​7646)

v3.1.4

Compare Source

Patch Changes
  • d7c13fa: Fixes a bug in how code coverage for Solidity tests is calculated (7767).
  • b6a9d5a: Hardhat tries to use the latest Solidity version supported by Slang in case the a newer, unsupported version is selected (7846).
  • 268acbf: Added HTML coverage report for solidity tests (7787).

v3.1.3

Compare Source

Patch Changes

v3.1.2

Compare Source

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Nov 4, 2025
sentry[bot]
sentry Bot reviewed Nov 4, 2025
View reviewed changes
Comment thread package.json Outdated
"@nomicfoundation/hardhat-toolbox-viem": "4.1.1",
"@nomicfoundation/hardhat-ignition-viem": "3.0.4",
"@nomicfoundation/hardhat-toolbox-viem": "5.0.1",
"@nomiclabs/hardhat-solhint": "4.1.0",
Copy link
Copy Markdown

@sentry sentry Bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Hardhat v3 upgrade breaks @nomiclabs/hardhat-solhint due to peer dependency mismatch and API incompatibility.
Severity: CRITICAL | Confidence: 1.00

🔍 Detailed Analysis

The @nomiclabs/hardhat-solhint plugin, version 4.1.0, has a peer dependency on Hardhat v2 (^2.26.0). This pull request upgrades Hardhat to v3.0.11, which is a major version change and a complete rewrite. When the Hardhat configuration attempts to load this plugin, it will encounter a peer dependency violation or a runtime initialization failure due to incompatible APIs, preventing Hardhat commands from executing.

💡 Suggested Fix

Update @nomiclabs/hardhat-solhint to a version compatible with Hardhat v3, or remove it if no compatible version exists.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L43

Potential issue: The `@nomiclabs/hardhat-solhint` plugin, version 4.1.0, has a peer
dependency on Hardhat v2 (`^2.26.0`). This pull request upgrades Hardhat to v3.0.11,
which is a major version change and a complete rewrite. When the Hardhat configuration
attempts to load this plugin, it will encounter a peer dependency violation or a runtime
initialization failure due to incompatible APIs, preventing Hardhat commands from
executing.

Did we get this right? 👍 / 👎 to inform future reviews.

Comment thread package.json Outdated
@@ -38,12 +38,12 @@
"@graphprotocol/graph-cli": "0.96.0",
"@graphprotocol/graph-ts": "0.38.0",
"@nomicfoundation/hardhat-foundry": "1.2.0",
Copy link
Copy Markdown

@sentry sentry Bot Nov 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Missing direct dependency for @nomicfoundation/hardhat-ignition causes version mismatch with new Ignition packages.
Severity: CRITICAL | Confidence: 1.00

🔍 Detailed Analysis

The pull request introduces @nomicfoundation/hardhat-ignition-viem@3.0.4 and @nomicfoundation/hardhat-toolbox-viem@5.0.1 as direct dependencies. Both packages have a peer dependency on @nomicfoundation/hardhat-ignition (specifically ^3.0.2 and ^3.0.0 respectively). However, @nomicfoundation/hardhat-ignition is not added as a direct dependency, and the bun.lock file only contains an older version (0.15.15). This mismatch will cause import failures when ignition/modules/main.ts attempts to import { buildModule } from "@nomicfoundation/hardhat-ignition/modules";, leading to deployment failures.

💡 Suggested Fix

Add @nomicfoundation/hardhat-ignition as a direct dependency with a version compatible with ^3.0.2 (e.g., ^3.0.2).

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: package.json#L40

Potential issue: The pull request introduces
`@nomicfoundation/hardhat-ignition-viem@3.0.4` and
`@nomicfoundation/hardhat-toolbox-viem@5.0.1` as direct dependencies. Both packages have
a peer dependency on `@nomicfoundation/hardhat-ignition` (specifically `^3.0.2` and
`^3.0.0` respectively). However, `@nomicfoundation/hardhat-ignition` is not added as a
direct dependency, and the `bun.lock` file only contains an older version (`0.15.15`).
This mismatch will cause import failures when `ignition/modules/main.ts` attempts to
`import { buildModule } from "@nomicfoundation/hardhat-ignition/modules";`, leading to
deployment failures.

Did we get this right? 👍 / 👎 to inform future reviews.

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Nov 4, 2025
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 4 times, most recently from 3d7d7d4 to f02e311 Compare November 12, 2025 22:56
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from f02e311 to ac066af Compare November 16, 2025 03:02
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 3 times, most recently from 3c722d6 to 6b67ea5 Compare December 4, 2025 04:56
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from 6b67ea5 to 0686a6b Compare December 11, 2025 03:22
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 0f9bd1d to 126be76 Compare December 30, 2025 15:42
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 56730db to b17c017 Compare January 14, 2026 19:26
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from b17c017 to 39833d2 Compare January 19, 2026 22:47
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 416b12c to 0aa9340 Compare February 5, 2026 19:15
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from 0aa9340 to 62e38e6 Compare February 12, 2026 13:07
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 3 times, most recently from b0c6389 to 10b76d2 Compare February 26, 2026 19:17
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 613ce5c to e562389 Compare March 11, 2026 15:53
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch 2 times, most recently from 3916175 to 157dd84 Compare March 19, 2026 22:34
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from 157dd84 to 98e0814 Compare March 26, 2026 19:30
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from 98e0814 to defa5ea Compare April 16, 2026 21:08
@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 16, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updated@​nomiclabs/​hardhat-solhint@​4.1.0 ⏵ 5.0.09310069 -1388 +6100
Updated@​nomicfoundation/​hardhat-foundry@​1.2.0 ⏵ 3.0.288 +110079 +591 +10100
Updatedhardhat@​2.27.1 ⏵ 3.4.199 +610082 -996 -1100 +20
Updated@​nomicfoundation/​hardhat-ignition-viem@​0.15.16 ⏵ 3.1.388 +210083 -296 +2100
Updated@​nomicfoundation/​hardhat-toolbox-viem@​4.1.1 ⏵ 5.0.483 -610089 +1494 +1100

View full report

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 16, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
High CVE: lodash vulnerable to Code Injection via _.template imports key names in npm `lodash-es`

CVE: GHSA-r5fr-rjxr-66jc lodash vulnerable to Code Injection via _.template imports key names (HIGH)

Affected versions: >= 4.0.0 < 4.18.0

Patched version: 4.18.0

From: ?npm/@nomicfoundation/hardhat-toolbox-viem@5.0.4npm/@nomicfoundation/hardhat-ignition-viem@3.1.3npm/lodash-es@4.17.21

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/lodash-es@4.17.21. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: npm typescript

License: LicenseRef-W3C-Community-Final-Specification-Agreement - The applicable license policy does not permit this license (5) (package/ThirdPartyNoticeText.txt)

From: ?npm/@nomicfoundation/hardhat-toolbox-viem@5.0.4npm/@nomicfoundation/hardhat-ignition-viem@3.1.3npm/@graphprotocol/graph-cli@0.96.0npm/solhint@6.0.1npm/typescript@6.0.3

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/typescript@6.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from defa5ea to c82d1e3 Compare April 22, 2026 19:14
@renovate
chore(deps): update hardhat packages
04f2ba0 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate Bot force-pushed the renovate/major-hardhat-packages branch from c82d1e3 to 04f2ba0 Compare April 27, 2026 16:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants